114.119.131.234

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Singapore

运营商(isp): Huawei International Pte Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	[Tue Sep 08 23:48:45.149090 2020] [:error] [pid 4739:tid 140606164666112] [client 114.119.131.234:2254] [client 114.119.131.234] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/robots.txt"] [unique_id "X1e17RPsKlRCBS0f4rnb0gAAAAg"] ...	2020-09-10 01:52:04

类型

评论内容

时间

attack

[Tue Sep 08 23:48:45.149090 2020] [:error] [pid 4739:tid 140606164666112] [client 114.119.131.234:2254] [client 114.119.131.234] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/robots.txt"] [unique_id "X1e17RPsKlRCBS0f4rnb0gAAAAg"]
...

2020-09-10 01:52:04

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 114.119.131.234
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12741
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;114.119.131.234.		IN	A

;; AUTHORITY SECTION:
.			305	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020090901 1800 900 604800 86400

;; Query time: 66 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Sep 10 01:51:54 CST 2020
;; MSG SIZE  rcvd: 119

HOST信息:

234.131.119.114.in-addr.arpa domain name pointer petalbot-114-119-131-234.aspiegel.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
234.131.119.114.in-addr.arpa	name = petalbot-114-119-131-234.aspiegel.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
87.251.74.212	attackbotsspam	06/20/2020-19:23:59.727440 87.251.74.212 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-06-21 08:02:46
24.201.180.166	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 10 - port: 8080 proto: TCP cat: Misc Attack	2020-06-21 07:49:25
54.39.215.32	attackbots	US_OVH_<177>1592694063 [1:2403377:58145] ET CINS Active Threat Intelligence Poor Reputation IP UDP group 39 [Classification: Misc Attack] [Priority: 2]: {UDP} 54.39.215.32:45863	2020-06-21 08:05:51
94.102.51.75	attackspambots	ET CINS Active Threat Intelligence Poor Reputation IP group 92 - port: 33020 proto: TCP cat: Misc Attack	2020-06-21 07:58:07
185.153.196.225	attack	RU_RM Engineering LLC_<177>1592695559 [1:2402000:5581] ET DROP Dshield Block Listed Source group 1 [Classification: Misc Attack] [Priority: 2]: {TCP} 185.153.196.225:44172	2020-06-21 07:53:41
62.4.14.122	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 60 - port: 5060 proto: UDP cat: Misc Attack	2020-06-21 07:45:38
180.76.160.220	attackspam	Invalid user ramesh from 180.76.160.220 port 41230	2020-06-21 07:55:19
185.39.11.56	attackbots	Jun 21 01:40:02 debian-2gb-nbg1-2 kernel: \[14955084.539145\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.39.11.56 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=39360 PROTO=TCP SPT=57597 DPT=6649 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-21 07:54:07
125.167.34.236	attack	Honeypot attack, port: 81, PTR: PTR record not found	2020-06-21 08:16:09
103.63.109.74	attackspam	Jun 20 08:31:50 Tower sshd[18009]: refused connect from 182.61.138.203 (182.61.138.203) Jun 20 19:10:05 Tower sshd[18009]: Connection from 103.63.109.74 port 35932 on 192.168.10.220 port 22 rdomain "" Jun 20 19:10:07 Tower sshd[18009]: Invalid user cristi from 103.63.109.74 port 35932 Jun 20 19:10:07 Tower sshd[18009]: error: Could not get shadow information for NOUSER Jun 20 19:10:07 Tower sshd[18009]: Failed password for invalid user cristi from 103.63.109.74 port 35932 ssh2 Jun 20 19:10:07 Tower sshd[18009]: Received disconnect from 103.63.109.74 port 35932:11: Bye Bye [preauth] Jun 20 19:10:07 Tower sshd[18009]: Disconnected from invalid user cristi 103.63.109.74 port 35932 [preauth]	2020-06-21 08:09:44
93.174.89.55	attack	TCP (SYN) 93.174.89.55:53995 -> port 65519, len 44	2020-06-21 07:59:28
45.143.220.116	attackspam	Scanned 3 times in the last 24 hours on port 5060	2020-06-21 08:08:18
113.118.46.183	attackbotsspam	1592684073 - 06/20/2020 22:14:33 Host: 113.118.46.183/113.118.46.183 Port: 445 TCP Blocked	2020-06-21 08:11:22
180.165.225.92	attackbotsspam	ET SCAN Suspicious inbound to MSSQL port 1433 - port: 1433 proto: TCP cat: Potentially Bad Traffic	2020-06-21 07:37:01
83.97.20.224	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 77 - port: 27017 proto: TCP cat: Misc Attack	2020-06-21 07:43:57

最近上报的IP列表

216.28.160.16	26.64.155.218	217.8.61.225	94.83.230.134
95.141.25.193	201.190.151.65	171.118.9.169	51.255.55.129
156.211.175.80	212.83.185.225	49.82.100.70	189.140.55.175
220.134.102.244	163.172.50.168	46.163.211.128	51.11.240.184
88.80.20.86	186.2.146.181	1.0.237.118	178.220.180.24